Troj/Mdrop-CLF is a Trojan for the Windows platform.
Troj/Mdrop-CLF includes functionality to:
- run automatically
- access the internet and communicate with a remote server via HTTP
Troj/Mdrop-CLF communicates via HTTP with the following locations:
cia . gg
zetone . ch
google . com
When Troj/Mdrop-CLF is installed, the following files are created:
<User>\Local Settings\Application Data\rdr_1268726613.exe
<Windows>\bill103.exe
The following registry entry is created to run bill103.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
sysfbtray
<Windows>\bill103.exe
Troj/Mdrop-CLF changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\